While KEMP LoadMaster distributes the web workload, it also has a feature to harden the web application: the WAF (Web Application Firewall).
A WAF helps protect web applications by filtering and monitoring HTTP/s traffic between a web application and the internet. Typical WAF protections cover attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection.
The original product of KEMP Technologies can be found at https://kemptechnologies.com/
KEMP VLM has two types of licenses, the paid one and the trial one.
You can go with the paid license for a production environment since it will unlock all the features that KEMP VLM has.
However, we will go with the trial license in this section since we don’t need to go to a production environment yet.
Please register your account on the Start Free Trial page to get your free trial license.
First, you need to deploy a virtual machine with KEMP VLM as the template image.
Access the KEMP management UI and set the new password for the administrator. Please set the password so that it will fulfill the complexity requirements.
The management interface should be like in this picture.
You need to create an additional private IP and public IP, since the default private IP and public IP will be used for the management interface. Please follow the steps below to add a new IP to an existing VM.
Content Rules are needed because, if 2 different websites use the same IP on the SubVirtual Real server (SubVR), only the website that is last in the order can be accessed.
Example:
Assign the content rules to each SubVS.
Virtual Services will contain an HTTP/s service held by the backend webserver.
| Name | Value | Description |
| --- | --- | --- |
| Virtual Address | 10.1.1.108 | Private IP of KEMP Machine |
| Port | 80 or 443 | Common HTTP/s service port |
| Service Name (Optional) | http / https | Optional name of the service |
| Protocol | tcp | Transport protocol with a reliable connection |
Example of virtual service configuration
This SubVS will contain each virtual host configuration of the domain.
Example of HTTP SubVS and Real Server configuration
This part assumes you have an SSL certificate and want access to your domain to go through an HTTPS connection.
First, thin
Please create Virtual Services with 443 as a listening port.
You may set the Real Server to port 80, since SSL termination happens on the KEMP side.
Import the SSL certificate of your domain to KEMP LoadMaster.
Then assign the available certificate to the 443 Virtual Service.
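A check to run once the certificate is assigned, as an added example that is not part of the original article or KEMP's own tooling: it connects to the virtual address with each domain as SNI and reports whether the served certificate covers that name and how close it is to expiry. The domain names and the 14-day threshold are assumptions; 10.1.1.108 is the Virtual Address from the table above.

```python
import socket
import ssl
import time

VIP = "10.1.1.108"   # Virtual Address from the table on this page
PORT = 443           # HTTPS Virtual Service where SSL is terminated

def san_dns_names(cert):
    """DNS names from the subjectAltName of an ssl.getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:] and "." in rest
    return pattern == host

def check_cert(cert, host, now=None, min_days=14):
    """Return a list of problems; an empty list means the cert is usable."""
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(p, host) for p in san_dns_names(cert)):
        problems.append(f"{host}: not covered by SAN {san_dns_names(cert)}")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now > not_after:
        problems.append(f"{host}: certificate expired")
    elif not_after - now < min_days * 86400:
        problems.append(f"{host}: expires in under {min_days} days")
    return problems

def fetch_cert(host, addr=VIP, port=PORT, timeout=5):
    """Connect to the VIP, send `host` as SNI, return the validated cert dict."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "site-a.example"), ("DNS", "*.site-a.example")),
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    for domain in ("site-a.example", "site-b.example"):  # hypothetical domains
        print(domain, check_cert(fetch_cert(domain), domain) or "OK")
```

If the handshake itself raises `ssl.SSLCertVerificationError`, the Virtual Service is serving a certificate that does not chain to a trusted CA or does not match the requested name, for example a default self-signed certificate still in place.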
Almost there! We will continue to add some WAF rules in the next part. Please visit article part 2 here!